adask-b/.claude/skills/k8s-platform-expert
.claude/skills/k8s-platform-expert/SKILL.md
--- name: k8s-platform-expert description: Complete Kubernetes platform expertise - deployment, security hardening, and systematic troubleshooting. Use for workload deployment, Helm charts, RBAC, NetworkPolicies, incident response, and diagnostics. Keywords: Kubernetes, K8s, kubectl, Helm, RBAC, troubleshooting, incident response, GitOps. --- # Kubernetes Platform Expert A comprehensive Kubernetes skill combining deployment expertise with systematic troubleshooting capabilities. Covers the ful
$ install --global
skillsauthnpx skillsauth add adask-b/agent-ready-k8s .claude/skills/k8s-platform-expertInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 3:58 AM148.5s7 files scanned
SKILL.md
- name:
- k8s-platform-expert
- description:
- Complete Kubernetes platform expertise - deployment, security hardening, and systematic troubleshooting. Use for workload deployment, Helm charts, RBAC, NetworkPolicies, incident response, and diagnostics. Keywords: Kubernetes, K8s, kubectl, Helm, RBAC, troubleshooting, incident response, GitOps.
Kubernetes Platform Expert
A comprehensive Kubernetes skill combining deployment expertise with systematic troubleshooting capabilities. Covers the full lifecycle from design and deployment through incident response and remediation.
When to Use This Skill
Deployment & Configuration:
- Deploying workloads (Deployments, StatefulSets, DaemonSets, Jobs)
- Configuring networking (Services, Ingress, NetworkPolicies)
- Managing configuration (ConfigMaps, Secrets)
- Setting up persistent storage (PV, PVC, StorageClasses)
- Creating and managing Helm charts
- Implementing security best practices (RBAC, PSS)
Troubleshooting & Incident Response:
- Investigating pod failures (CrashLoopBackOff, ImagePullBackOff, Pending)
- Responding to production incidents or outages
- Diagnosing cluster health issues
- Troubleshooting networking or storage problems
- Debugging ArgoCD sync failures
- Troubleshooting Helm release problems
- Diagnosing kind cluster issues (local development)
Part 1: Deployment & Security
Core Deployment Workflow
- Analyze requirements - workload characteristics, scaling needs, security requirements
- Design architecture - workload types, networking patterns, storage solutions
- Implement manifests - declarative YAML with proper resource limits, health checks
- Secure - apply RBAC, NetworkPolicies, Pod Security Standards
- Test & validate - verify deployments, test failure scenarios
Deployment Constraints (MUST DO)
- Use declarative YAML manifests (avoid imperative kubectl commands)
- Set resource requests AND limits on all containers
- Include liveness and readiness probes
- Use Secrets for sensitive data (never hardcode)
- Apply least privilege RBAC permissions
- Implement NetworkPolicies for network segmentation
- Use namespaces for logical isolation
- Label resources consistently
- Pin image versions (never use
latestin production)
Deployment Constraints (MUST NOT DO)
- Deploy without resource limits
- Store secrets in ConfigMaps or plain env vars
- Use default ServiceAccount for application pods
- Allow unrestricted network access (default allow-all)
- Run containers as root without justification
- Skip health checks
- Expose unnecessary ports or services
Output Templates
When implementing Kubernetes resources, provide:
- Complete YAML manifests with proper structure
- RBAC configuration (ServiceAccount, Role, RoleBinding)
- NetworkPolicy for network isolation
- Brief explanation of design decisions
Part 2: Troubleshooting & Incident Response
Core Troubleshooting Workflow
-
Gather Context
- What is the observed symptom?
- When did it start?
- What changed recently?
- What is the scope (pod, service, node, cluster)?
- What is the business impact?
-
Initial Triage Run cluster health check:
python3 .claude/skills/k8s-platform-expert/scripts/cluster_health.py -
Deep Dive Investigation
Namespace-Level:
python3 .claude/skills/k8s-platform-expert/scripts/check_namespace.py <namespace>Pod-Level:
python3 .claude/skills/k8s-platform-expert/scripts/diagnose_pod.py <namespace> <pod-name>ArgoCD Issues:
python3 .claude/skills/k8s-platform-expert/scripts/diagnose_argocd.py <app-name>Helm Issues:
python3 .claude/skills/k8s-platform-expert/scripts/diagnose_helm.py <release> <namespace> -
Identify Root Cause - consult references/common-issues.md
-
Apply Remediation - test in non-prod first, document actions, have rollback ready
-
Verify & Monitor - confirm fix, monitor 15-30 min minimum
Incident Severity Levels
| Level | Description | Examples | |-------|-------------|----------| | SEV-1 | Critical | Complete outage, data loss, security breach | | SEV-2 | High | Major degradation, significant user impact | | SEV-3 | Medium | Minor impairment, workaround available | | SEV-4 | Low | Cosmetic, minimal impact |
Quick Reference Commands
Cluster Overview:
kubectl cluster-info
kubectl get nodes
kubectl get pods --all-namespaces | grep -v Running
kubectl get events --all-namespaces --sort-by='.lastTimestamp' | tail -20
Pod Diagnostics:
kubectl describe pod <pod> -n <namespace>
kubectl logs <pod> -n <namespace>
kubectl logs <pod> -n <namespace> --previous
kubectl exec -it <pod> -n <namespace> -- /bin/sh
Node Diagnostics:
kubectl describe node <node>
kubectl top nodes
kubectl top pods --all-namespaces
Service & Network:
kubectl describe svc <service> -n <namespace>
kubectl get endpoints <service> -n <namespace>
kubectl get networkpolicies -n <namespace>
Storage:
kubectl get pvc,pv -n <namespace>
kubectl describe pvc <pvc> -n <namespace>
kubectl get storageclass
Best Practices
Always:
- Start with high-level health check before deep diving
- Document symptoms and findings
- Check recent changes (deployments, config, infrastructure)
- Preserve logs before making destructive changes
- Test fixes in non-production when possible
- Monitor after applying fixes
Never:
- Make production changes without understanding impact
- Delete resources without confirming safety
- Restart pods repeatedly without investigating root cause
- Apply fixes without documentation
- Skip post-incident review
Related References
- references/common-issues.md - Detailed troubleshooting guides
- references/deployment-patterns.md - Workload patterns
- references/security-hardening.md - Security best practices
Sources
Combined from:
- Jeffallan/claude-skills - kubernetes-specialist
- ahmedasmar/devops-claude-skills - k8s-troubleshooter
Related Skills
adask-b/.claude/skills/security-compliance-guard
development
VerifiedTrustedCommunity
--- name: security-compliance-guard description: Implement zero-trust security, secrets management, and compliance. Use for Vault, ESO, Kyverno, OPA, Pod Security, RBAC, and supply chain security. Keywords: security, secrets, Vault, ESO, Kyverno, OPA, RBAC, compliance, SBOM, Cosign. --- # Security & Compliance Guard Expert in implementing zero-trust security posture, secrets management, and compliance controls for Kubernetes environments. ## When to Use This Skill - Setting up secrets manage
1SKILL.mdUpdated Apr 4, 2026
adask-b/.claude/skills/observability-engineer
testing
VerifiedTrustedCommunity
--- name: observability-engineer description: Design and implement observability stack with metrics, logs, and traces. Use for Prometheus, Grafana, Loki, Tempo, OpenTelemetry, alerting, and SLO/SLI design. Keywords: observability, monitoring, tracing, Prometheus, Grafana, Loki, Tempo, OpenTelemetry, OTEL, alerting, SLO, SLI. --- # Observability Engineer Expert in designing and implementing comprehensive observability solutions for Kubernetes environments. Covers the three pillars: metrics, log
1SKILL.mdUpdated Apr 4, 2026
adask-b/.claude/skills/multi-cloud-architect
devops
VerifiedTrustedCommunity
--- name: multi-cloud-architect description: Design and implement portable Kubernetes infrastructure across cloud providers. Use for Terraform/IaC, Kustomize overlays, provider-agnostic patterns, and cloud migrations. Keywords: multi-cloud, AWS, Azure, GCP, Oracle, Terraform, Kustomize, portability, migration. --- # Multi-Cloud Architect Expert in designing portable Kubernetes infrastructure that can run on any cloud provider (Oracle, Azure, AWS, GCP) or on-premises with minimal changes. ## W
1SKILL.mdUpdated Apr 4, 2026
adask-b/.claude/skills/gitops-pipeline-master
tools
VerifiedTrustedCommunity
--- name: gitops-pipeline-master description: Design and implement GitOps workflows with ArgoCD and CI/CD pipelines. Use for GitHub Actions, image promotion, rollout strategies, and deployment automation. Keywords: GitOps, ArgoCD, CI/CD, GitHub Actions, deployment, rollout, canary, blue-green. --- # GitOps Pipeline Master Expert in designing GitOps-based deployment workflows with Argo CD and CI/CD automation. ## When to Use This Skill - Setting up Argo CD Applications and ApplicationSets - D
1SKILL.mdUpdated Apr 4, 2026